authlogic 4.4.3 → 5.0.4

data/lib/authlogic/acts_as_authentic/perishable_token.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Authlogic
   module ActsAsAuthentic
     # This provides a handy token that is "perishable", meaning the token is
@@ -33,7 +35,7 @@ module Authlogic
             10.minutes.to_i
           )
         end
-        alias_method :perishable_token_valid_for=, :perishable_token_valid_for
+        alias perishable_token_valid_for= perishable_token_valid_for
 
         # Authlogic tries to expire and change the perishable token as much as
         # possible, without compromising its purpose. If you want to manage it
@@ -44,7 +46,7 @@ module Authlogic
         def disable_perishable_token_maintenance(value = nil)
           rw_config(:disable_perishable_token_maintenance, value, false)
         end
-        alias_method :disable_perishable_token_maintenance=, :disable_perishable_token_maintenance
+        alias disable_perishable_token_maintenance= disable_perishable_token_maintenance
       end
 
       # All methods relating to the perishable token.
@@ -56,12 +58,13 @@ module Authlogic
             extend ClassMethods
             include InstanceMethods
 
-            validates_uniqueness_of :perishable_token, if: :perishable_token_changed?
+            validates_uniqueness_of :perishable_token, case_sensitive: true,
+                                                       if: :will_save_change_to_perishable_token?
             before_save :reset_perishable_token, unless: :disable_perishable_token_maintenance?
           end
         end
 
-        # Class methods for the perishable token
+        # :nodoc:
         module ClassMethods
           # Use this method to find a record with a perishable token. This
           # method does 2 things for you:
@@ -94,7 +97,7 @@ module Authlogic
           end
         end
 
-        # Instance level methods for the perishable token.
+        # :nodoc:
         module InstanceMethods
           # Resets the perishable token to a random friendly token.
           def reset_perishable_token

data/lib/authlogic/acts_as_authentic/persistence_token.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Authlogic
   module ActsAsAuthentic
     # Maintains the persistence token, the token responsible for persisting sessions. This token
@@ -16,19 +18,23 @@ module Authlogic
             extend ClassMethods
             include InstanceMethods
 
+            # If the table does not have a password column, then
+            # `after_password_set` etc. will not be defined. See
+            # `Authlogic::ActsAsAuthentic::Password::Callbacks.included`
             if respond_to?(:after_password_set) && respond_to?(:after_password_verification)
               after_password_set :reset_persistence_token
               after_password_verification :reset_persistence_token!, if: :reset_persistence_token?
             end
 
             validates_presence_of :persistence_token
-            validates_uniqueness_of :persistence_token, if: :persistence_token_changed?
+            validates_uniqueness_of :persistence_token, case_sensitive: true,
+                                                        if: :will_save_change_to_persistence_token?
 
             before_validation :reset_persistence_token, if: :reset_persistence_token?
           end
         end
 
-        # Class level methods for the persistence token.
+        # :nodoc:
         module ClassMethods
           # Resets ALL persistence tokens in the database, which will require
           # all users to re-authenticate.
@@ -38,7 +44,7 @@ module Authlogic
           end
         end
 
-        # Instance level methods for the persistence token.
+        # :nodoc:
         module InstanceMethods
           # Resets the persistence_token field to a random hex value.
           def reset_persistence_token
@@ -50,7 +56,7 @@ module Authlogic
             reset_persistence_token
             save_without_session_maintenance(validate: false)
           end
-          alias_method :forget!, :reset_persistence_token!
+          alias forget! reset_persistence_token!
 
           private
 

data/lib/authlogic/acts_as_authentic/queries/case_sensitivity.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module Authlogic
+  module ActsAsAuthentic
+    module Queries
+      # @api private
+      class CaseSensitivity
+        E_UNABLE_TO_DETERMINE_SENSITIVITY = <<~EOS
+          Authlogic was unable to determine what case-sensitivity to use when
+          searching for email/login. To specify a sensitivity, validate the
+          uniqueness of the email/login and use the `case_sensitive` option,
+          like this:
+
+              validates :email, uniqueness: { case_sensitive: false }
+
+          Authlogic will now perform a case-insensitive query.
+        EOS
+
+        # @api private
+        def initialize(model_class, attribute)
+          @model_class = model_class
+          @attribute = attribute.to_sym
+        end
+
+        # @api private
+        def sensitive?
+          sensitive = uniqueness_validator_options[:case_sensitive]
+          if sensitive.nil?
+            ::Kernel.warn(E_UNABLE_TO_DETERMINE_SENSITIVITY)
+            false
+          else
+            sensitive
+          end
+        end
+
+        private
+
+        # @api private
+        def uniqueness_validator
+          @model_class.validators.select { |v|
+            v.is_a?(::ActiveRecord::Validations::UniquenessValidator) &&
+              v.attributes == [@attribute]
+          }.first
+        end
+
+        # @api private
+        def uniqueness_validator_options
+          uniqueness_validator&.options || {}
+        end
+      end
+    end
+  end
+end

data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb

@@ -4,12 +4,25 @@ module Authlogic
   module ActsAsAuthentic
     module Queries
       # The query used by public-API method `find_by_smart_case_login_field`.
+      #
+      # We use the rails methods `case_insensitive_comparison` and
+      # `case_sensitive_comparison`. These methods nicely take into account
+      # MySQL collations. (Consider the case where a user *says* they want a
+      # case-sensitive uniqueness validation, but then they configure their
+      # database to have an insensitive collation. Rails will handle this for
+      # us, by downcasing, see
+      # `active_record/connection_adapters/abstract_mysql_adapter.rb`) So that's
+      # great! But, these methods are not part of rails' public API, so there
+      # are no docs. So, everything we know about how to use the methods
+      # correctly comes from mimicing what we find in
+      # `active_record/validations/uniqueness.rb`.
+      #
       # @api private
       class FindWithCase
         # Dup ActiveRecord.gem_version before freezing, in case someone
         # else wants to modify it. Freezing modifies an object in place.
         # https://github.com/binarylogic/authlogic/pull/590
-        AR_GEM_VERSION = ActiveRecord.gem_version.dup.freeze
+        AR_GEM_VERSION = ::ActiveRecord.gem_version.dup.freeze
 
         # @api private
         def initialize(model_class, field, value, sensitive)
@@ -21,44 +34,47 @@ module Authlogic
 
         # @api private
         def execute
-          bind(relation).first
+          @model_class.where(comparison).first
         end
 
         private
 
         # @api private
-        def bind(relation)
-          if AR_GEM_VERSION >= Gem::Version.new("5")
-            bind = ActiveRecord::Relation::QueryAttribute.new(
-              @field,
-              @value,
-              ActiveRecord::Type::Value.new
-            )
-            @model_class.where(relation, bind)
-          else
-            @model_class.where(relation)
-          end
+        # @return Arel::Nodes::Equality
+        def comparison
+          @sensitive ? sensitive_comparison : insensitive_comparison
         end
 
         # @api private
-        def relation
-          if !@sensitive
+        def insensitive_comparison
+          if AR_GEM_VERSION > Gem::Version.new("5.3")
+            @model_class.connection.case_insensitive_comparison(
+              @model_class.arel_table[@field], @value
+            )
+          else
             @model_class.connection.case_insensitive_comparison(
               @model_class.arel_table,
               @field,
               @model_class.columns_hash[@field],
               @value
             )
-          elsif AR_GEM_VERSION >= Gem::Version.new("5.0")
+          end
+        end
+
+        # @api private
+        def sensitive_comparison
+          bound_value = @model_class.predicate_builder.build_bind_attribute(@field, @value)
+          if AR_GEM_VERSION > Gem::Version.new("5.3")
+            @model_class.connection.case_sensitive_comparison(
+              @model_class.arel_table[@field], bound_value
+            )
+          else
             @model_class.connection.case_sensitive_comparison(
               @model_class.arel_table,
               @field,
               @model_class.columns_hash[@field],
-              @value
+              bound_value
             )
-          else
-            value = @model_class.connection.case_sensitive_modifier(@value, @field)
-            @model_class.arel_table[@field].eq(value)
           end
         end
       end

data/lib/authlogic/acts_as_authentic/session_maintenance.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Authlogic
   module ActsAsAuthentic
     # This is one of my favorite features that I think is pretty cool. It's
@@ -40,7 +42,7 @@ module Authlogic
         def log_in_after_create(value = nil)
           rw_config(:log_in_after_create, value, true)
         end
-        alias_method :log_in_after_create=, :log_in_after_create
+        alias log_in_after_create= log_in_after_create
 
         # In order to turn off automatic maintenance of sessions when updating
         # the password, just set this to false.
@@ -50,7 +52,7 @@ module Authlogic
         def log_in_after_password_change(value = nil)
           rw_config(:log_in_after_password_change, value, true)
         end
-        alias_method :log_in_after_password_change=, :log_in_after_password_change
+        alias log_in_after_password_change= log_in_after_password_change
 
         # As you may know, authlogic sessions can be separate by id (See
         # Authlogic::Session::Base#id). You can specify here what session ids
@@ -62,7 +64,7 @@ module Authlogic
         def session_ids(value = nil)
           rw_config(:session_ids, value, [nil])
         end
-        alias_method :session_ids=, :session_ids
+        alias session_ids= session_ids
 
         # The name of the associated session class. This is inferred by the name
         # of the model.
@@ -77,7 +79,7 @@ module Authlogic
                   end
           rw_config(:session_class, value, const)
         end
-        alias_method :session_class=, :session_class
+        alias session_class= session_class
       end
 
       # This module, as one of the `acts_as_authentic_modules`, is only included
@@ -114,7 +116,7 @@ module Authlogic
             session_class.activated? &&
             maintain_session? &&
             !session_ids.blank? &&
-            persistence_token_changed?
+            will_save_change_to_persistence_token?
         end
 
         def maintain_session?
@@ -174,7 +176,7 @@ module Authlogic
         end
 
         def log_in_after_password_change?
-          persistence_token_changed? && self.class.log_in_after_password_change
+          will_save_change_to_persistence_token? && self.class.log_in_after_password_change
         end
       end
     end

data/lib/authlogic/acts_as_authentic/single_access_token.rb

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
+
 module Authlogic
   module ActsAsAuthentic
-    # This module is responsible for maintaining the single_access token. For more
-    # information the single access token and how to use it, see the
-    # Authlogic::Session::Params module.
+    # This module is responsible for maintaining the single_access token. For
+    # more information the single access token and how to use it, see "Params"
+    # in `Session::Base`.
     module SingleAccessToken
       def self.included(klass)
         klass.class_eval do
@@ -25,10 +27,7 @@ module Authlogic
         def change_single_access_token_with_password(value = nil)
           rw_config(:change_single_access_token_with_password, value, false)
         end
-        alias_method(
-          :change_single_access_token_with_password=,
-          :change_single_access_token_with_password
-        )
+        alias change_single_access_token_with_password= change_single_access_token_with_password
       end
 
       # All method, for the single_access token aspect of acts_as_authentic.
@@ -41,7 +40,10 @@ module Authlogic
 
           klass.class_eval do
             include InstanceMethods
-            validates_uniqueness_of :single_access_token, if: :single_access_token_changed?
+            validates_uniqueness_of :single_access_token,
+              case_sensitive: true,
+              if: :will_save_change_to_single_access_token?
+
             before_validation :reset_single_access_token, if: :reset_single_access_token?
             if respond_to?(:after_password_set)
               after_password_set(

data/lib/authlogic/config.rb

@@ -1,6 +1,10 @@
+# frozen_string_literal: true
+
 module Authlogic
+  # Mixed into `Authlogic::ActsAsAuthentic::Base` and
+  # `Authlogic::Session::Base`.
   module Config
-    E_USE_NORMAL_RAILS_VALIDATION = <<~EOS.freeze
+    E_USE_NORMAL_RAILS_VALIDATION = <<~EOS
       This Authlogic configuration option (%s) is deprecated. Use normal
       ActiveRecord validation instead. Detailed instructions:
       https://github.com/binarylogic/authlogic/blob/master/doc/use_normal_rails_validation.md
@@ -8,6 +12,10 @@ module Authlogic
 
     def self.extended(klass)
       klass.class_eval do
+        # TODO: Is this a confusing name, given this module is mixed into
+        # both `Authlogic::ActsAsAuthentic::Base` and
+        # `Authlogic::Session::Base`? Perhaps a more generic name, like
+        # `authlogic_config` would be better?
         class_attribute :acts_as_authentic_config
         self.acts_as_authentic_config ||= {}
       end

data/lib/authlogic/controller_adapters/abstract_adapter.rb

@@ -1,10 +1,13 @@
+# frozen_string_literal: true
+
 module Authlogic
   module ControllerAdapters # :nodoc:
-    # Allows you to use Authlogic in any framework you want, not just rails. See the RailsAdapter
-    # for an example of how to adapt Authlogic to work with your framework.
+    # Allows you to use Authlogic in any framework you want, not just rails. See
+    # the RailsAdapter for an example of how to adapt Authlogic to work with
+    # your framework.
     class AbstractAdapter
       E_COOKIE_DOMAIN_ADAPTER = "The cookie_domain method has not been " \
-        "implemented by the controller adapter".freeze
+        "implemented by the controller adapter"
 
       attr_accessor :controller
 
@@ -26,7 +29,7 @@ module Authlogic
       end
 
       def cookie_domain
-        raise NotImplementedError.new(E_COOKIE_DOMAIN_ADAPTER)
+        raise NotImplementedError, E_COOKIE_DOMAIN_ADAPTER
       end
 
       def params

data/lib/authlogic/controller_adapters/rack_adapter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Authlogic
   module ControllerAdapters
     # Adapter for authlogic to make it function as a Rack middleware.

data/lib/authlogic/controller_adapters/rails_adapter.rb

@@ -1,4 +1,4 @@
-require "action_controller"
+# frozen_string_literal: true
 
 module Authlogic
   module ControllerAdapters
@@ -7,8 +7,6 @@ module Authlogic
     # Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite,
     # etc.
     class RailsAdapter < AbstractAdapter
-      class AuthlogicLoadedTooLateError < StandardError; end
-
       def authenticate_with_http_basic(&block)
         controller.authenticate_with_http_basic(&block)
       end
@@ -20,8 +18,7 @@ module Authlogic
       end
 
       def cookie_domain
-        @cookie_domain_key ||= Rails::VERSION::STRING >= "2.3" ? :domain : :session_domain
-        controller.request.session_options[@cookie_domain_key]
+        controller.request.session_options[:domain]
       end
 
       def request_content_type
@@ -32,26 +29,7 @@ module Authlogic
       # "activates" authlogic.
       module RailsImplementation
         def self.included(klass) # :nodoc:
-          if defined?(::ApplicationController)
-            raise AuthlogicLoadedTooLateError.new(
-              <<~EOS.squish
-                Authlogic is trying to add a callback to ActionController::Base
-                but ApplicationController has already been loaded, so the
-                callback won't be copied into your application. Generally this
-                is due to another gem or plugin requiring your
-                ApplicationController prematurely, such as the
-                resource_controller plugin. Please require Authlogic first,
-                before these other gems / plugins.
-              EOS
-            )
-          end
-
-          # In Rails 4.0.2, the *_filter methods were renamed to *_action.
-          if klass.respond_to? :prepend_before_action
-            klass.prepend_before_action :activate_authlogic
-          else
-            klass.prepend_before_filter :activate_authlogic
-          end
+          klass.prepend_before_action :activate_authlogic
         end
 
         private
@@ -64,7 +42,6 @@ module Authlogic
   end
 end
 
-ActionController::Base.send(
-  :include,
-  Authlogic::ControllerAdapters::RailsAdapter::RailsImplementation
-)
+ActiveSupport.on_load(:action_controller) do
+  include Authlogic::ControllerAdapters::RailsAdapter::RailsImplementation
+end